Manager-Security Incident Response - Remote

Remote, United States

8 hours ago

Job description

American Specialty Health Incorporated (ASH) is seeking a Manager-Security Incident Response & Operations to join our Information Security department.

The primary purpose of this position is to provide cyber incident response subject matter expertise while collaborating on numerous security projects and operational improvement initiatives. This position will support the operational activities of junior-level cyber analysts while helping to develop the team's investigative skillset, processes, and playbooks. In this role you will champion incident response service enrollment requirements to ensure progressive operational effectiveness and alert fidelity. In addition, you will be responsible for continuously identifying gaps and managing improvements in security response processes, technologies, and monitoring. Working closely with internal architecture, engineering, and project management teams, you will ensure cyber-defense requirements are identified and communicated early in the project life cycle.

Salary Range

American Specialty Health complies with state and federal wage and hour laws, and compensation depends upon the candidate's qualifications, education, skill set, years of experience, and internal equity. $112,500 to $175,000 Full-Time Annual Salary Range.

Remote Worker Guidelines

This position will be trained remotely and must be able to work from home (WFH) in a designated work area with company-provided technology equipment. This WFH position requires you to have a stable connection to your Internet Service Provider with the ability to participate by video in online meetings over a reliable and consistent network. The internet connection must have a consistent 50 down/10 up Mbps minimum internet speed. 100 down/20 up is recommended to support higher quality video meetings.

Responsibilities

  • Providing cyber incident response subject matter expertise while collaborating on numerous security projects and operational improvement initiatives.
  • Manage SIEM operations.
  • Support cyber incident response actions to ensure proper assessment, containment, mitigation, and documentation.
  • Hunting to identify anomalous and malicious behavior, enhance SIEM rules to automate continuous identification.
  • Interact and assist other investigative teams within American Specialty Health on time sensitive, critical investigations.
  • Manage third-party MSSP (SOC) to ensure appropriate levels of incident response time, enrichment of SIEM content, and identify gaps in logging and monitoring coverage.
  • Drive continuous improvement of incident response processes, playbooks, and detection capabilities.
  • Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security investigations.
  • Train matrixed team members on hunting, investigative, and forensic tools and processes.
  • Help create, support, and participate in purple team exercises.
  • Manage the security monitoring enrollment process to ensure adequate coverage and effectiveness of all new and existing cloud and premise-based applications, services, and platforms.
  • Maintain detailed tracking plan of all internal/external enrollment outcomes/recommendations, and provide support through to implementation.
  • Act as a liaison between security operations, engineering, security architecture, network & system operations, and functional project teams to ensure effective project implementation that meets incident response requirements.
  • Work with colleagues in other technology departments as well as the business and product offices to establish effective, productive business relationships.
  • Define baseline security monitoring requirements for all new projects, services, and applications joining the American Specialty Health network.
  • Facilitate the development and tuning of SIEM rules to support enrollments and ensure high fidelity alerting.
  • Review and analyze cyber threats and provide SME support and training to junior level security analysts.
  • Perform other duties as assigned.
  • Comply with all policies and standards.

Qualifications

  • Bachelor's Degree in Computer Science, Information Security, Computer Engineering, related area of study, or equivalent experience required. If related experience, high school diploma required.
  • 10+ years of combined relevant experience using threat hunting and IR technologies and/or industry-standard tools required.
  • 5 years in SIEM management required, including:
      • Content management (e.g. parsing and correlation rules)
      • Case management ensuring sufficient due diligence steps are completed
      • Security Orchestration, Automation, and Response (SOAR) technology
      • Threat intel feeds
      • Use case mapping
  • 2 years of management experience required.
  • Experience writing thorough investigative reports detailing incident findings required.
  • Experience with Threat Intel providers and distribution of relevant information required.
  • Demonstrated experience in an enterprise-level incident response team or security operations center. Direct experience handling advanced cyber security incidents and associated incident response toolsets required.
  • Experience with systems and monitoring within Microsoft Azure preferred.
  • Experience managing a third party SOC preferred.
  • Proficiency with analysis and characterization of cyber attacks (Kill Chain, MITRE ATT&CK).
  • Proficiency with common operating systems (Linux/Unix, Windows), with a demonstrated understanding of how they may be compromised.
  • Proven subject matter expertise in relevant areas, such as incident response, intrusion analysis, incident handling, malware analysis or security engineering.
  • Strong ability to lead matrixed teams.
  • Strong interpersonal and leadership skills to influence and build credibility as a peer.
  • Skilled in identifying different classes of attacks and attack stages.
  • Strong knowledge of malware families and network attack vectors.
  • Strong knowledge of Windows system internals.
  • Strong knowledge of web applications and APIs.
  • Strong scripting skills.
  • Strong working knowledge of common security tools, such as a SIEM, AV, scanners, proxies, WAFs, netflow, IDS/IPS, Snort, and forensics tools.
  • Advanced technical knowledge associated with various operating systems, network services and applications. A keen understanding of logging components and capabilities.
  • Possess a demonstrated sense of urgency with the ability to perform well under significant enterprise-wide pressure.
  • Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied (including executive) audiences.
  • Relevant security related certifications: GCIA, GSEC, GCIH, GCED, GCFA, GREM, ECIH, CSIH, CIHE preferred.

Core Competencies

  • Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships.
  • Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.
  • Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment.
  • Ability to effectively organize, prioritize, multi-task and manage time.
  • Demonstrated accuracy and productivity in a changing environment with constant interruptions.
  • Demonstrated ability to analyze information, problems, issues, situations, and procedures to develop effective solutions.
  • Ability to exercise strict confidentiality in all matters.

Mobility

  • Primarily sedentary, able to sit for long periods of time.

Physical Requirements

  • Ability to see, speak, and hear other personnel and/or objects. Ability to communicate both in verbal and written form. Ability to travel within and around the facility or Work from Home (WFH) environment. Capable of using a telephone, computer keyboard, and mouse. Ability to lift up to 10 lbs.

Environmental Conditions

  • Work-from-home (WFH) environment.

American Specialty Health is an Equal Opportunity/Affirmative Action Employer.

All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth, related medical conditions, breastfeeding, and reproductive health decision-making), gender, gender identity, gender expression, race, color, religion (including religious dress and grooming practices), creed, national origin, citizenship, ancestry, physical or mental disability, legally-protected medical condition, marital status, age, sexual orientation, genetic information, military or veteran status, political affiliation, or any other basis protected by applicable local, federal or state law.

Please view Equal Employment Opportunity Posters provided by OFCCP here.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact our Human Resources Department at x6702.

ASH will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.

#LI-Remote #Security #Infosec #Incident #Manage #SIEM
